Remote Offensive Security Engineer

Summary

Join a global team that makes it possible for merchants to collect payments in emerging markets. As a Security Engineer, you will assess network, environment, or technologies; write tooling to assist with offensive security assessment; conduct discovery activities to map environments; build, conduct, and participate in offensive security exercises; perform penetration testing, vulnerability scanning, code reviews, and design/architecture reviews.

Requirements

• Advanced background in Offensive Security (Red Team active participation)
• Strong understanding of vulnerabilities, common attack vectors and how to solve/fix them
• A great eye to identify/analyze attacks on company assets and also simulate internal/external attacks (Ethical Hacker mindset)
• Well-rounded background in host, network and application security (Web, API and Mobile)
• Huge familiarity with threat analysis (malware, phishing, social engineering, etc)
• Attacker mindset ability to think about creative threats and attack vectors
• Knowledge in tailored reconnaissance, weaponization, exploitation and lateral movement
• Know-How of Threat modeling in a cloud environment
• Experience with common security tools including but not limited to: Nmap, SQLmap, Metasploit, Kali Linux (OS), Burp Suite, Qualys/WAS, ZAP Proxy, Prowler, Censys/Shodan and others
• Familiarity with implementation and maintenance of SAST/DAST/IAST sensors
• In-depth knowledge of OWASP10, SANS25 and other world-known security frameworks
• Understanding of a complete SDLC and how to make it secured (S-SDLC)
• Familiarity with Cloud platforms (AWS or equivalent)
• Ability to lead people to problem resolution when it comes to Security (Integrate teams, especially Engineering Team)
• Effective written and oral communication involving both business and technical sides of the business
• Quickly identify issues and solve them
• Ability to present technical risks to a broader audience (both written and spoken)

Responsibilities

• Assess network, environment, or technologies
• Write tooling to assist with offensive security assessment
• Conduct discovery activities to map environments
• Build, conduct, and participate in offensive security exercises
• Perform penetration testing (application, API, mobile, infrastructure), vulnerability scanning (internal and external), code reviews and design/architecture reviews
• Work closely with development teams to mitigate or remediate security vulnerabilities
• Empower developers to do their jobs securely without creating additional friction
• Educate our engineers about security in application code and infrastructure
• Educate our non-technical employees about security good practices and attacks
• Assist in Incident Response activities (if it involves Security)

Preferred Qualifications

• Experience on research of vulnerabilities and development of exploitation tools
• Building and automating common Red Team processes and activities
• Knowledge of security architectures, both monoliths and microservices, including how they are developed and operate at scale
• Certification or equivalent knowledge (DCPT/OSCP/OSCE/OSWP/OSWE/CEH)
• Exposure to PCI-DSS framework or any other relevant security standard will be valued
• Have previously participated as speaker (or just participated in the activities) on Security conferences like DefCon, MindTheSec, EkoParty, Hackaflag, Bhack, You sh0t the sheriff, CryptoRave, etc
• Active participation in CTFs and also Bug Bounty programs